[unisog] Password policies

Saqib Ali docbook.xml at gmail.com
Wed Apr 19 17:42:46 GMT 2006


> Requiring frequent changes only pushes people to writing the passwords
> on sticky notes stuck to their monitors.  Is there any data to support
> the idea that changing every 3 months is better than changing every
> 3 decades?

Of course. It depends on how long it takes to crack / guess a
password. If a hybrid brute-force attack takes 3 months to crack a
password, then having a password lifetime of 3 decades would be pretty
foolish.

The password expiration should be set to a time period that is LESS
than the amount of time required to brute-force a password.

--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------
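
The rule stated in the reply above (expiry shorter than brute-force time), worked through as an added example that is not part of the original post. The policies and the guess rate are constructed assumptions, and the model assumes uniformly random passwords and a constant offline guess rate, so for human-chosen passwords under a hybrid attack the figures are an upper bound on crack time.

```python
SECONDS_PER_DAY = 86_400

def keyspace(charset_size, min_len, max_len):
    """Candidates an exhaustive search must cover for lengths min_len..max_len."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))

def exhaust_days(space, guesses_per_sec):
    """Worst-case days to try every candidate at a constant guess rate."""
    return space / guesses_per_sec / SECONDS_PER_DAY

def crack_probability(space, guesses_per_sec, lifetime_days):
    """Chance a uniformly random password is found before it expires,
    if the search starts the day the password is set."""
    tried = guesses_per_sec * lifetime_days * SECONDS_PER_DAY
    return min(1.0, tried / space)

def review(policies, guesses_per_sec):
    """Apply the rule 'expiry < brute-force time' to each policy."""
    rows = []
    for name, charset, lo, hi, lifetime_days in policies:
        space = keyspace(charset, lo, hi)
        days = exhaust_days(space, guesses_per_sec)
        rows.append({
            "policy": name,
            "exhaust_days": days,
            "expires_before_exhaustion": lifetime_days < days,
            "crack_probability": crack_probability(
                space, guesses_per_sec, lifetime_days),
        })
    return rows

# Constructed inputs (assumptions, not values from the thread):
# (name, charset size, min length, max length, expiry in days)
SAMPLE_POLICIES = [
    ("8 lowercase, 90-day expiry", 26, 8, 8, 90),
    ("10 alphanumeric, 90-day expiry", 62, 10, 10, 90),
]
ASSUMED_GUESSES_PER_SEC = 1e9  # hypothetical offline attack rate

if __name__ == "__main__":
    for row in review(SAMPLE_POLICIES, ASSUMED_GUESSES_PER_SEC):
        print(f"{row['policy']}: exhausted in {row['exhaust_days']:.4g} days, "
              f"expiry beats exhaustion: {row['expires_before_exhaustion']}, "
              f"P(cracked before expiry) = {row['crack_probability']:.4f}")
```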